CVE-2026-57588
- EPSS 0.3%
- Veröffentlicht 25.06.2026 13:47:27
- Zuletzt bearbeitet 26.06.2026 16:48:57
A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.
CVE-2026-57587
- EPSS 0.34%
- Veröffentlicht 25.06.2026 13:47:27
- Zuletzt bearbeitet 26.06.2026 16:47:41
A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.
CVE-2026-33694
- EPSS 0.15%
- Veröffentlicht 23.04.2026 18:09:41
- Zuletzt bearbeitet 24.04.2026 14:50:56
This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerabili...
CVE-2025-36630
- EPSS 0.18%
- Veröffentlicht 01.07.2025 23:11:13
- Zuletzt bearbeitet 15.10.2025 19:52:46
In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.
CVE-2025-36625
- EPSS 0.26%
- Veröffentlicht 18.04.2025 19:17:30
- Zuletzt bearbeitet 15.04.2026 00:35:42
In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating http requests to the application.
CVE-2025-24914
- EPSS 0.14%
- Veröffentlicht 18.04.2025 18:18:02
- Zuletzt bearbeitet 15.04.2026 00:35:42
When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in th...
CVE-2024-3290
- EPSS 0.18%
- Veröffentlicht 17.05.2024 17:15:07
- Zuletzt bearbeitet 15.04.2026 00:35:42
A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host
CVE-2024-3289
- EPSS 0.19%
- Veröffentlicht 17.05.2024 17:15:07
- Zuletzt bearbeitet 15.04.2026 00:35:42
When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured ...
CVE-2024-2390
- EPSS 0.2%
- Veröffentlicht 18.03.2024 16:15:09
- Zuletzt bearbeitet 15.04.2026 00:35:42
As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific fi...
CVE-2024-0971
- EPSS 0.78%
- Veröffentlicht 07.02.2024 00:15:55
- Zuletzt bearbeitet 21.11.2024 08:47:55
A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content.